Docs Home
AWS v6.78.0 published on Thursday, Apr 24, 2025 by Pulumi
aws.ec2clientvpn.Route
Explore with Pulumi AI
Provides additional routes for AWS Client VPN endpoints. For more information on usage, please see the AWS Client VPN Administrator’s Guide.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleEndpoint = new aws.ec2clientvpn.Endpoint("example", {
description: "Example Client VPN endpoint",
serverCertificateArn: exampleAwsAcmCertificate.arn,
clientCidrBlock: "10.0.0.0/16",
authenticationOptions: [{
type: "certificate-authentication",
rootCertificateChainArn: exampleAwsAcmCertificate.arn,
}],
connectionLogOptions: {
enabled: false,
},
});
const exampleNetworkAssociation = new aws.ec2clientvpn.NetworkAssociation("example", {
clientVpnEndpointId: exampleEndpoint.id,
subnetId: exampleAwsSubnet.id,
});
const example = new aws.ec2clientvpn.Route("example", {
clientVpnEndpointId: exampleEndpoint.id,
destinationCidrBlock: "0.0.0.0/0",
targetVpcSubnetId: exampleNetworkAssociation.subnetId,
});
import pulumi
import pulumi_aws as aws
example_endpoint = aws.ec2clientvpn.Endpoint("example",
description="Example Client VPN endpoint",
server_certificate_arn=example_aws_acm_certificate["arn"],
client_cidr_block="10.0.0.0/16",
authentication_options=[{
"type": "certificate-authentication",
"root_certificate_chain_arn": example_aws_acm_certificate["arn"],
}],
connection_log_options={
"enabled": False,
})
example_network_association = aws.ec2clientvpn.NetworkAssociation("example",
client_vpn_endpoint_id=example_endpoint.id,
subnet_id=example_aws_subnet["id"])
example = aws.ec2clientvpn.Route("example",
client_vpn_endpoint_id=example_endpoint.id,
destination_cidr_block="0.0.0.0/0",
target_vpc_subnet_id=example_network_association.subnet_id)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2clientvpn"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleEndpoint, err := ec2clientvpn.NewEndpoint(ctx, "example", &ec2clientvpn.EndpointArgs{
Description: pulumi.String("Example Client VPN endpoint"),
ServerCertificateArn: pulumi.Any(exampleAwsAcmCertificate.Arn),
ClientCidrBlock: pulumi.String("10.0.0.0/16"),
AuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{
&ec2clientvpn.EndpointAuthenticationOptionArgs{
Type: pulumi.String("certificate-authentication"),
RootCertificateChainArn: pulumi.Any(exampleAwsAcmCertificate.Arn),
},
},
ConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{
Enabled: pulumi.Bool(false),
},
})
if err != nil {
return err
}
exampleNetworkAssociation, err := ec2clientvpn.NewNetworkAssociation(ctx, "example", &ec2clientvpn.NetworkAssociationArgs{
ClientVpnEndpointId: exampleEndpoint.ID(),
SubnetId: pulumi.Any(exampleAwsSubnet.Id),
})
if err != nil {
return err
}
_, err = ec2clientvpn.NewRoute(ctx, "example", &ec2clientvpn.RouteArgs{
ClientVpnEndpointId: exampleEndpoint.ID(),
DestinationCidrBlock: pulumi.String("0.0.0.0/0"),
TargetVpcSubnetId: exampleNetworkAssociation.SubnetId,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleEndpoint = new Aws.Ec2ClientVpn.Endpoint("example", new()
{
Description = "Example Client VPN endpoint",
ServerCertificateArn = exampleAwsAcmCertificate.Arn,
ClientCidrBlock = "10.0.0.0/16",
AuthenticationOptions = new[]
{
new Aws.Ec2ClientVpn.Inputs.EndpointAuthenticationOptionArgs
{
Type = "certificate-authentication",
RootCertificateChainArn = exampleAwsAcmCertificate.Arn,
},
},
ConnectionLogOptions = new Aws.Ec2ClientVpn.Inputs.EndpointConnectionLogOptionsArgs
{
Enabled = false,
},
});
var exampleNetworkAssociation = new Aws.Ec2ClientVpn.NetworkAssociation("example", new()
{
ClientVpnEndpointId = exampleEndpoint.Id,
SubnetId = exampleAwsSubnet.Id,
});
var example = new Aws.Ec2ClientVpn.Route("example", new()
{
ClientVpnEndpointId = exampleEndpoint.Id,
DestinationCidrBlock = "0.0.0.0/0",
TargetVpcSubnetId = exampleNetworkAssociation.SubnetId,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2clientvpn.Endpoint;
import com.pulumi.aws.ec2clientvpn.EndpointArgs;
import com.pulumi.aws.ec2clientvpn.inputs.EndpointAuthenticationOptionArgs;
import com.pulumi.aws.ec2clientvpn.inputs.EndpointConnectionLogOptionsArgs;
import com.pulumi.aws.ec2clientvpn.NetworkAssociation;
import com.pulumi.aws.ec2clientvpn.NetworkAssociationArgs;
import com.pulumi.aws.ec2clientvpn.Route;
import com.pulumi.aws.ec2clientvpn.RouteArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleEndpoint = new Endpoint("exampleEndpoint", EndpointArgs.builder()
.description("Example Client VPN endpoint")
.serverCertificateArn(exampleAwsAcmCertificate.arn())
.clientCidrBlock("10.0.0.0/16")
.authenticationOptions(EndpointAuthenticationOptionArgs.builder()
.type("certificate-authentication")
.rootCertificateChainArn(exampleAwsAcmCertificate.arn())
.build())
.connectionLogOptions(EndpointConnectionLogOptionsArgs.builder()
.enabled(false)
.build())
.build());
var exampleNetworkAssociation = new NetworkAssociation("exampleNetworkAssociation", NetworkAssociationArgs.builder()
.clientVpnEndpointId(exampleEndpoint.id())
.subnetId(exampleAwsSubnet.id())
.build());
var example = new Route("example", RouteArgs.builder()
.clientVpnEndpointId(exampleEndpoint.id())
.destinationCidrBlock("0.0.0.0/0")
.targetVpcSubnetId(exampleNetworkAssociation.subnetId())
.build());
}
}
resources:
example:
type: aws:ec2clientvpn:Route
properties:
clientVpnEndpointId: ${exampleEndpoint.id}
destinationCidrBlock: 0.0.0.0/0
targetVpcSubnetId: ${exampleNetworkAssociation.subnetId}
exampleNetworkAssociation:
type: aws:ec2clientvpn:NetworkAssociation
name: example
properties:
clientVpnEndpointId: ${exampleEndpoint.id}
subnetId: ${exampleAwsSubnet.id}
exampleEndpoint:
type: aws:ec2clientvpn:Endpoint
name: example
properties:
description: Example Client VPN endpoint
serverCertificateArn: ${exampleAwsAcmCertificate.arn}
clientCidrBlock: 10.0.0.0/16
authenticationOptions:
- type: certificate-authentication
rootCertificateChainArn: ${exampleAwsAcmCertificate.arn}
connectionLogOptions:
enabled: false
Create Route Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Route(name: string, args: RouteArgs, opts?: CustomResourceOptions);@overload
def Route(resource_name: str,
args: RouteArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Route(resource_name: str,
opts: Optional[ResourceOptions] = None,
client_vpn_endpoint_id: Optional[str] = None,
destination_cidr_block: Optional[str] = None,
target_vpc_subnet_id: Optional[str] = None,
description: Optional[str] = None)func NewRoute(ctx *Context, name string, args RouteArgs, opts ...ResourceOption) (*Route, error)public Route(string name, RouteArgs args, CustomResourceOptions? opts = null)type: aws:ec2clientvpn:Route
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. RouteArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. RouteArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. RouteArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. RouteArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. RouteArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplerouteResourceResourceFromEc2clientvpnroute = new Aws.Ec2ClientVpn.Route("examplerouteResourceResourceFromEc2clientvpnroute", new()
{
ClientVpnEndpointId = "string",
DestinationCidrBlock = "string",
TargetVpcSubnetId = "string",
Description = "string",
});
example, err := ec2clientvpn.NewRoute(ctx, "examplerouteResourceResourceFromEc2clientvpnroute", &ec2clientvpn.RouteArgs{
ClientVpnEndpointId: pulumi.String("string"),
DestinationCidrBlock: pulumi.String("string"),
TargetVpcSubnetId: pulumi.String("string"),
Description: pulumi.String("string"),
})
var examplerouteResourceResourceFromEc2clientvpnroute = new com.pulumi.aws.ec2clientvpn.Route("examplerouteResourceResourceFromEc2clientvpnroute", com.pulumi.aws.ec2clientvpn.RouteArgs.builder()
.clientVpnEndpointId("string")
.destinationCidrBlock("string")
.targetVpcSubnetId("string")
.description("string")
.build());
exampleroute_resource_resource_from_ec2clientvpnroute = aws.ec2clientvpn.Route("examplerouteResourceResourceFromEc2clientvpnroute",
client_vpn_endpoint_id="string",
destination_cidr_block="string",
target_vpc_subnet_id="string",
description="string")
const examplerouteResourceResourceFromEc2clientvpnroute = new aws.ec2clientvpn.Route("examplerouteResourceResourceFromEc2clientvpnroute", {
clientVpnEndpointId: "string",
destinationCidrBlock: "string",
targetVpcSubnetId: "string",
description: "string",
});
type: aws:ec2clientvpn:Route
properties:
clientVpnEndpointId: string
description: string
destinationCidrBlock: string
targetVpcSubnetId: string
Route Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Route resource accepts the following input properties:
- Client
Vpn Endpoint Id stringThis property is required. 
Changes to this property will trigger replacement. - The ID of the Client VPN endpoint.
- Destination
Cidr Block stringThis property is required. Changes to this property will trigger replacement. - The IPv4 address range, in CIDR notation, of the route destination.
- Target
Vpc Subnet Id stringThis property is required. Changes to this property will trigger replacement. - The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
- Description
- A brief description of the route.
- Client
Vpn Endpoint Id stringThis property is required. Changes to this property will trigger replacement. - The ID of the Client VPN endpoint.
- Destination
Cidr Block stringThis property is required. Changes to this property will trigger replacement. - The IPv4 address range, in CIDR notation, of the route destination.
- Target
Vpc Subnet Id stringThis property is required. Changes to this property will trigger replacement. - The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
- Description
- A brief description of the route.
- client
Vpn Endpoint Id StringThis property is required. Changes to this property will trigger replacement. - The ID of the Client VPN endpoint.
- destination
Cidr Block StringThis property is required. Changes to this property will trigger replacement. - The IPv4 address range, in CIDR notation, of the route destination.
- target
Vpc Subnet Id StringThis property is required. Changes to this property will trigger replacement. - The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
- description
- A brief description of the route.
- client
Vpn Endpoint Id stringThis property is required. Changes to this property will trigger replacement. - The ID of the Client VPN endpoint.
- destination
Cidr Block stringThis property is required. Changes to this property will trigger replacement. - The IPv4 address range, in CIDR notation, of the route destination.
- target
Vpc Subnet Id stringThis property is required. Changes to this property will trigger replacement. - The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
- description
- A brief description of the route.
- client_
vpn_ endpoint_ id strThis property is required. Changes to this property will trigger replacement. - The ID of the Client VPN endpoint.
- destination_
cidr_ block strThis property is required. Changes to this property will trigger replacement. - The IPv4 address range, in CIDR notation, of the route destination.
- target_
vpc_ subnet_ id strThis property is required. Changes to this property will trigger replacement. - The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
- description
- A brief description of the route.
- client
Vpn Endpoint Id StringThis property is required. Changes to this property will trigger replacement. - The ID of the Client VPN endpoint.
- destination
Cidr Block StringThis property is required. Changes to this property will trigger replacement. - The IPv4 address range, in CIDR notation, of the route destination.
- target
Vpc Subnet Id StringThis property is required. Changes to this property will trigger replacement. - The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
- description
- A brief description of the route.
Outputs
All input properties are implicitly available as output properties. Additionally, the Route resource produces the following output properties:
Look up Existing Route Resource
Get an existing Route resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RouteState, opts?: CustomResourceOptions): Route@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
client_vpn_endpoint_id: Optional[str] = None,
description: Optional[str] = None,
destination_cidr_block: Optional[str] = None,
origin: Optional[str] = None,
target_vpc_subnet_id: Optional[str] = None,
type: Optional[str] = None) -> Routefunc GetRoute(ctx *Context, name string, id IDInput, state *RouteState, opts ...ResourceOption) (*Route, error)public static Route Get(string name, Input<string> id, RouteState? state, CustomResourceOptions? opts = null)public static Route get(String name, Output<String> id, RouteState state, CustomResourceOptions options)resources: _: type: aws:ec2clientvpn:Route get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Client
Vpn Endpoint Id - The ID of the Client VPN endpoint.
- Description
- A brief description of the route.
- Destination
Cidr Block - The IPv4 address range, in CIDR notation, of the route destination.
- Origin string
- Indicates how the Client VPN route was added. Will be
add-routefor routes created by this resource. - Target
Vpc Subnet Id - The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
- Type string
- The type of the route.
- Client
Vpn Endpoint Id - The ID of the Client VPN endpoint.
- Description
- A brief description of the route.
- Destination
Cidr Block - The IPv4 address range, in CIDR notation, of the route destination.
- Origin string
- Indicates how the Client VPN route was added. Will be
add-routefor routes created by this resource. - Target
Vpc Subnet Id - The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
- Type string
- The type of the route.
- client
Vpn Endpoint Id - The ID of the Client VPN endpoint.
- description
- A brief description of the route.
- destination
Cidr Block - The IPv4 address range, in CIDR notation, of the route destination.
- origin String
- Indicates how the Client VPN route was added. Will be
add-routefor routes created by this resource. - target
Vpc Subnet Id - The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
- type String
- The type of the route.
- client
Vpn Endpoint Id - The ID of the Client VPN endpoint.
- description
- A brief description of the route.
- destination
Cidr Block - The IPv4 address range, in CIDR notation, of the route destination.
- origin string
- Indicates how the Client VPN route was added. Will be
add-routefor routes created by this resource. - target
Vpc Subnet Id - The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
- type string
- The type of the route.
- client_
vpn_ endpoint_ id - The ID of the Client VPN endpoint.
- description
- A brief description of the route.
- destination_
cidr_ block - The IPv4 address range, in CIDR notation, of the route destination.
- origin str
- Indicates how the Client VPN route was added. Will be
add-routefor routes created by this resource. - target_
vpc_ subnet_ id - The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
- type str
- The type of the route.
- client
Vpn Endpoint Id - The ID of the Client VPN endpoint.
- description
- A brief description of the route.
- destination
Cidr Block - The IPv4 address range, in CIDR notation, of the route destination.
- origin String
- Indicates how the Client VPN route was added. Will be
add-routefor routes created by this resource. - target
Vpc Subnet Id - The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
- type String
- The type of the route.
Import
Using pulumi import, import AWS Client VPN routes using the endpoint ID, target subnet ID, and destination CIDR block. All values are separated by a ,. For example:
$ pulumi import aws:ec2clientvpn/route:Route example cvpn-endpoint-1234567890abcdef,subnet-9876543210fedcba,10.1.0.0/24
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.